Merge pull request #26 from status-im/discovery-packet-validation

Added package length validation
This commit is contained in:
Yuriy Glukhov 2019-03-25 17:59:31 +02:00 committed by GitHub
commit ba53f4bc9b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 5 deletions

View File

@ -86,11 +86,13 @@ proc pack(cmdId: CommandId, payload: BytesRange, pk: PrivateKey): Bytes =
result = @(msgHash.data) & signature & encodedData
proc validateMsgHash(msg: Bytes, msgHash: var MDigest[256]): bool =
if msg.len > HEAD_SIZE:
msgHash.data[0 .. ^1] = msg.toOpenArray(0, msgHash.data.high)
result = msgHash == keccak256.digest(msg.toOpenArray(MAC_SIZE, msg.high))
proc recoverMsgPublicKey(msg: Bytes, pk: var PublicKey): bool =
recoverSignatureKey(msg.toOpenArray(MAC_SIZE, MAC_SIZE + 65),
msg.len > HEAD_SIZE and
recoverSignatureKey(msg.toOpenArray(MAC_SIZE, HEAD_SIZE),
keccak256.digest(msg.toOpenArray(HEAD_SIZE, msg.high)).data,
pk) == EthKeysStatus.Success